/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */

/*
 * Copyright (C) 20011 Red Hat, Inc.
 *
 * Author: David Zeuthen <davidz@redhat.com>
 */

#include "config.h"

#include <pwd.h>

#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
#include <polkitagent/polkitagent.h>
#include "shell-polkit-authentication-agent.h"

#include <glib/gi18n.h>

/* uncomment for useful debug output */
/* #define SHOW_DEBUG */

#ifdef SHOW_DEBUG
static void
print_debug (const gchar *format, ...)
{
  gchar *s;
  va_list ap;
  gchar timebuf[64];
  GTimeVal now;
  time_t now_t;
  struct tm broken_down;

  g_get_current_time (&now);
  now_t = now.tv_sec;
  localtime_r (&now_t, &broken_down);
  strftime (timebuf, sizeof timebuf, "%H:%M:%S", &broken_down);

  va_start (ap, format);
  s = g_strdup_vprintf (format, ap);
  va_end (ap);

  g_print ("ShellPolkitAuthenticationAgent: %s.%03d: %s\n", timebuf, (gint) (now.tv_usec / 1000), s);
  g_free (s);
}
#else
static void
print_debug (const gchar *str, ...)
{
}
#endif


struct _ShellPolkitAuthenticationAgentClass
{
  PolkitAgentListenerClass parent_class;
};

struct _AuthRequest;
typedef struct _AuthRequest AuthRequest;

struct _ShellPolkitAuthenticationAgent {
  PolkitAgentListener parent_instance;

  GList *scheduled_requests;
  AuthRequest *current_request;

  gpointer handle;
};

/* Signals */
enum
{
  INITIATE_SIGNAL,
  CANCEL_SIGNAL,
  LAST_SIGNAL
};

static guint signals[LAST_SIGNAL] = { 0 };

G_DEFINE_TYPE (ShellPolkitAuthenticationAgent, shell_polkit_authentication_agent, POLKIT_AGENT_TYPE_LISTENER);

static void initiate_authentication (PolkitAgentListener  *listener,
                                     const gchar          *action_id,
                                     const gchar          *message,
                                     const gchar          *icon_name,
                                     PolkitDetails        *details,
                                     const gchar          *cookie,
                                     GList                *identities,
                                     GCancellable         *cancellable,
                                     GAsyncReadyCallback   callback,
                                     gpointer              user_data);

static gboolean initiate_authentication_finish (PolkitAgentListener  *listener,
                                                GAsyncResult         *res,
                                                GError              **error);

void
shell_polkit_authentication_agent_init (ShellPolkitAuthenticationAgent *agent)
{
}

void
shell_polkit_authentication_agent_register (ShellPolkitAuthenticationAgent *agent,
                                            GError                        **error_out)
{
  GError *error = NULL;
  PolkitSubject *subject;

  subject = polkit_unix_session_new_for_process_sync (getpid (),
                                                      NULL, /* GCancellable* */
                                                      &error);
  if (subject == NULL)
    {
      if (error == NULL) /* polkit version 104 and older don't properly set error on failure */
        error = g_error_new (POLKIT_ERROR, POLKIT_ERROR_FAILED,
                             "PolKit failed to properly get our session");
      goto out;
    }

  agent->handle = polkit_agent_listener_register (POLKIT_AGENT_LISTENER (agent),
                                                  POLKIT_AGENT_REGISTER_FLAGS_NONE,
                                                  subject,
                                                  NULL, /* use default object path */
                                                  NULL, /* GCancellable */
                                                  &error);

 out:
  if (error != NULL)
    g_propagate_error (error_out, error);

  if (subject != NULL)
    g_object_unref (subject);
}

static void
shell_polkit_authentication_agent_finalize (GObject *object)
{
  ShellPolkitAuthenticationAgent *agent = SHELL_POLKIT_AUTHENTICATION_AGENT (object);
  shell_polkit_authentication_agent_unregister (agent);
  G_OBJECT_CLASS (shell_polkit_authentication_agent_parent_class)->finalize (object);
}

static void
shell_polkit_authentication_agent_class_init (ShellPolkitAuthenticationAgentClass *klass)
{
  GObjectClass *gobject_class;
  PolkitAgentListenerClass *listener_class;

  gobject_class = G_OBJECT_CLASS (klass);
  gobject_class->finalize = shell_polkit_authentication_agent_finalize;

  listener_class = POLKIT_AGENT_LISTENER_CLASS (klass);
  listener_class->initiate_authentication = initiate_authentication;
  listener_class->initiate_authentication_finish = initiate_authentication_finish;

  signals[INITIATE_SIGNAL] =
    g_signal_new ("initiate",
                  G_TYPE_FROM_CLASS (klass),
                  G_SIGNAL_RUN_LAST,
                  0,    /* class_offset */
                  NULL, /* accumulator */
                  NULL, /* accumulator data */
                  NULL, /* marshaller */
                  G_TYPE_NONE,
                  5,
                  G_TYPE_STRING,
                  G_TYPE_STRING,
                  G_TYPE_STRING,
                  G_TYPE_STRING,
                  G_TYPE_STRV);

  signals[CANCEL_SIGNAL] =
    g_signal_new ("cancel",
                  G_TYPE_FROM_CLASS (klass),
                  G_SIGNAL_RUN_LAST,
                  0,    /* class_offset */
                  NULL, /* accumulator */
                  NULL, /* accumulator data */
                  NULL, /* marshaller */
                  G_TYPE_NONE,
                  0);
}

ShellPolkitAuthenticationAgent *
shell_polkit_authentication_agent_new (void)
{
  return SHELL_POLKIT_AUTHENTICATION_AGENT (g_object_new (SHELL_TYPE_POLKIT_AUTHENTICATION_AGENT, NULL));
}

struct _AuthRequest {
  /* not holding ref */
  ShellPolkitAuthenticationAgent *agent;
  GCancellable *cancellable;
  gulong handler_id;

  /* copies */
  gchar          *action_id;
  gchar          *message;
  gchar          *icon_name;
  PolkitDetails  *details;
  gchar          *cookie;
  GList          *identities;

  GTask *simple;
};

static void
auth_request_free (AuthRequest *request)
{
  g_free (request->action_id);
  g_free (request->message);
  g_free (request->icon_name);
  g_object_unref (request->details);
  g_free (request->cookie);
  g_list_foreach (request->identities, (GFunc) g_object_unref, NULL);
  g_list_free (request->identities);
  g_object_unref (request->simple);
  g_free (request);
}

static void
auth_request_initiate (AuthRequest *request)
{
  gchar **user_names;
  GPtrArray *p;
  GList *l;

  p = g_ptr_array_new ();
  for (l = request->identities; l != NULL; l = l->next)
    {
      if (POLKIT_IS_UNIX_USER (l->data))
        {
          PolkitUnixUser *user = POLKIT_UNIX_USER (l->data);
          gint uid;
          gchar buf[4096];
          struct passwd pwd;
          struct passwd *ppwd;

          uid = polkit_unix_user_get_uid (user);
          if (getpwuid_r (uid, &pwd, buf, sizeof (buf), &ppwd) == 0)
            {
              if (!g_utf8_validate (pwd.pw_name, -1, NULL))
                {
                  g_warning ("Invalid UTF-8 in username for uid %d. Skipping", uid);
                }
              else
                {
                  g_ptr_array_add (p, g_strdup (pwd.pw_name));
                }
            }
          else
            {
              g_warning ("Error looking up user name for uid %d", uid);
            }
        }
      else
        {
          g_warning ("Unsupporting identity of GType %s", g_type_name (G_TYPE_FROM_INSTANCE (l->data)));
        }
    }
  g_ptr_array_add (p, NULL);
  user_names = (gchar **) g_ptr_array_free (p, FALSE);
  g_signal_emit (request->agent,
                 signals[INITIATE_SIGNAL],
                 0, /* detail */
                 request->action_id,
                 request->message,
                 request->icon_name,
                 request->cookie,
                 user_names);
  g_strfreev (user_names);
}

static void auth_request_complete (AuthRequest *request,
                                   gboolean     dismissed);

static gboolean
handle_cancelled_in_idle (gpointer user_data)
{
  AuthRequest *request = user_data;

  print_debug ("CANCELLED %s cookie %s", request->action_id, request->cookie);
  if (request == request->agent->current_request)
    {
      g_signal_emit (request->agent,
                     signals[CANCEL_SIGNAL],
                     0); /* detail */
    }
  else
    {
      auth_request_complete (request, FALSE);
    }

  return FALSE;
}

static void
on_request_cancelled (GCancellable *cancellable,
                      gpointer      user_data)
{
  AuthRequest *request = user_data;
  guint id;

  /* post-pone to idle to handle GCancellable deadlock in
   *
   *  https://bugzilla.gnome.org/show_bug.cgi?id=642968
   */
  id = g_idle_add (handle_cancelled_in_idle, request);
  g_source_set_name_by_id (id, "[gnome-shell] handle_cancelled_in_idle");
}

static void
auth_request_dismiss (AuthRequest *request)
{
  auth_request_complete (request, TRUE);
}

void
shell_polkit_authentication_agent_unregister (ShellPolkitAuthenticationAgent *agent)
{
  if (agent->scheduled_requests != NULL)
    {
      g_list_foreach (agent->scheduled_requests, (GFunc)auth_request_dismiss, NULL);
      agent->scheduled_requests = NULL;
    }
  if (agent->current_request != NULL)
    auth_request_dismiss (agent->current_request);

  polkit_agent_listener_unregister (agent->handle);
  agent->handle = NULL;
}

static void maybe_process_next_request (ShellPolkitAuthenticationAgent *agent);

static void
auth_request_complete (AuthRequest *request,
                       gboolean     dismissed)
{
  ShellPolkitAuthenticationAgent *agent = request->agent;
  gboolean is_current = agent->current_request == request;

  print_debug ("COMPLETING %s %s cookie %s", is_current ? "CURRENT" : "SCHEDULED",
               request->action_id, request->cookie);

  if (!is_current)
    agent->scheduled_requests = g_list_remove (agent->scheduled_requests, request);
  g_cancellable_disconnect (request->cancellable, request->handler_id);

  if (dismissed)
    g_task_return_new_error (request->simple,
                             POLKIT_ERROR,
                             POLKIT_ERROR_CANCELLED,
                             _("Authentication dialog was dismissed by the user"));
  else
    g_task_return_boolean (request->simple, TRUE);

  auth_request_free (request);

  if (is_current)
    {
      agent->current_request = NULL;
      maybe_process_next_request (agent);
    }
}

static void
maybe_process_next_request (ShellPolkitAuthenticationAgent *agent)
{
  print_debug ("MAYBE_PROCESS cur=%p len(scheduled)=%d", agent->current_request, g_list_length (agent->scheduled_requests));

  if (agent->current_request == NULL && agent->scheduled_requests != NULL)
    {
      AuthRequest *request;

      request = agent->scheduled_requests->data;

      agent->current_request = request;
      agent->scheduled_requests = g_list_remove (agent->scheduled_requests, request);

      print_debug ("INITIATING %s cookie %s", request->action_id, request->cookie);
      auth_request_initiate (request);
    }
}

static void
initiate_authentication (PolkitAgentListener  *listener,
                         const gchar          *action_id,
                         const gchar          *message,
                         const gchar          *icon_name,
                         PolkitDetails        *details,
                         const gchar          *cookie,
                         GList                *identities,
                         GCancellable         *cancellable,
                         GAsyncReadyCallback   callback,
                         gpointer              user_data)
{
  ShellPolkitAuthenticationAgent *agent = SHELL_POLKIT_AUTHENTICATION_AGENT (listener);
  AuthRequest *request;

  request = g_new0 (AuthRequest, 1);
  request->agent = agent;
  request->action_id = g_strdup (action_id);
  request->message = g_strdup (message);
  request->icon_name = g_strdup (icon_name);
  request->details = g_object_ref (details);
  request->cookie = g_strdup (cookie);
  request->identities = g_list_copy (identities);
  g_list_foreach (request->identities, (GFunc) g_object_ref, NULL);
  request->simple = g_task_new (listener, NULL, callback, user_data);
  request->cancellable = cancellable;
  request->handler_id = g_cancellable_connect (request->cancellable,
                                               G_CALLBACK (on_request_cancelled),
                                               request,
                                               NULL); /* GDestroyNotify for request */

  print_debug ("SCHEDULING %s cookie %s", request->action_id, request->cookie);
  agent->scheduled_requests = g_list_append (agent->scheduled_requests, request);

  maybe_process_next_request (agent);
}

static gboolean
initiate_authentication_finish (PolkitAgentListener  *listener,
                                GAsyncResult         *res,
                                GError              **error)
{
  return g_task_propagate_boolean (G_TASK (res), error);
}

void
shell_polkit_authentication_agent_complete (ShellPolkitAuthenticationAgent *agent,
                                            gboolean                        dismissed)
{
  g_return_if_fail (SHELL_IS_POLKIT_AUTHENTICATION_AGENT (agent));
  g_return_if_fail (agent->current_request != NULL);

  auth_request_complete (agent->current_request, dismissed);
}
